github woodruffw/zizmor v1.0.1
on GitHub

one day ago

v1.0.1

This is a small quality and bugfix release. Thank you to everybody
who helped by reporting and shaking out bugs from our first stable release!

Improved

  • The github-env audit now detects dangerous writes to GITHUB_PATH,
    is more precise, and can produce multiple findings per run block (#391)

Fixed

  • workflow_call.secrets keys with missing values are now parsed correctly (#388)
  • The cache-poisoning audit no longer incorrectly treats docker/build-push-action as
    a publishing workflow is push: false is explicitly set (#389)
  • The template-injection audit no longer considers github.action_path
    to be a potentially dangerous expansion (#402)
  • The github-env audit no longer skips run: steps with non-trivial
    shell: stanzas (#403)
Check out latest releases or
releases around woodruffw/zizmor v1.0.1

Don't miss a new zizmor release

NewReleases is sending notifications on new releases.

Get notifications